Month: June 2020

Grilled Corn

Turns out you can cook corn directly on the grill. When we bought our grill eight or nine years ago, I found a recipe has you peel back the husk, remove the silk, re-wrap the corn in the husk, and soak it all in saltwater for an hour. That is a lot of lead time, and we wrapped up our yard work at 9PM this evening … so an extra hour and a half or so to get the corn ready wasn’t going to happen.

But if you shuck the corn, baste it with a little olive oil, and toss it on the grill … turn the ears every 3-4 minutes to avoid scorching … it is delicious. Total cook time was somewhere between 15 and 20 minutes over medium-high flame. The grill itself was open a lot (every 3 or 4 minutes to turn it, plus checking on the burgers).

Scratch – Touching Clones

While you can detect when a clone is touching a main sprite, there’s no way to detect if something is touching a clone. The workaround is to use broadcast messages to trigger events.

1. In the clone, create an “if touching” block to detect when it is being touched by the sprite

2. Within the if-touching block, send a broadcast message (under the “Events” blocks)

3. On the other sprite, create a block triggered by the “I receive” event for the code you want to run when this sprite touches the clone of another sprite.

4. Now a sprite executes the desired code when it is touching the clone of another sprite.

 

SDNY

Who can actually fire a US Attorney appointed under 28 U.S. Code § 546 (d) is an interesting question. The text says “district court for such district may appoint a United States attorney to serve until the vacancy is filled”. Filling the position through the ordinary nomination, Senate approval, AG appointment process is an obvious path to replace the person appointed to the position. It’s possible the district court could appoint someone else — letter of the law, I don’t think so. Don’t see anyone else in the list, though. Certainly not AG.

Git — Show Dates For Branches

We wanted to see all of the branches in a repository with the dates of the latest commit:

git for-each-ref --sort=committerdate refs/heads/ --format='%(committerdate:rfc-local) %(refname:short)'

This outputs the full date/time (you can use any of the git log date formats [relative|local|default|iso|rfc|short|raw] after committerdate; short for the date without time)

 

Decompiling Jython Class Files

Looks like Jython that is compiled into a class file can be decompiled just like a Java class (I use jd-cmd which is both simple and open source). But … you don’t get back Python. In a disaster recovery scenario, you get back something and could reconstruct your Python code from the Java-looking stuff you get back.

I don’t normally type the entire command — a quick function in your .bashrc gives you a command alias that can be used instead.

Financial Literacy

I think everyone should have a mandatory year of poverty — it provides essential perspective on financial planning. And social services. And public policy. Throw everything you’ve got in a trust, you’ll get it back after a year. Heck, I’ll spot ’em a copy of the bus schedule, a minimum wage job, and 500$ of their own money to get started. Good luck finding a flat and getting to work on Sunday. Yeah, you work Sunday – your days off are Monday and Thursday this week. Check the schedule to see what your days off are next week. And the boss needs three weeks notice if you want to request a specific weekday off, weekends aren’t available for request until you’ve got two years of service.
 
I had people say that kind of rubbish to me when I was broke — and I’d happily let them run through my budget and find this money I was supposed to be dropping into my “emergency fund”. News flash: eating every couple of days? That’s an emergency. Heat in the winter when it’s 10F outside? Absolute emergency. Rent’s due on the 1st — you got it, another emergency.
 
Sure, you could drop the 20$ a month from the phone bill into a savings account — lose 5$ a month to the service fee since you’ve got no money, but there’s nothing for that until you amass 500$ — and come out with 180$ a year. But I’d get called in for overtime shifts, so saving 180$ in a year cost me a grand.
 
‘t wasn’t my “financial literacy” that caused the problem. It was the lack of income!

Renaming Military Bases

If we’re not renaming military bases because Confederate generals are a part of our history (although it will be interesting to see if Trump gets countermanded again) … can we start applying the same “it’s part of history, so we need to remember it” logic when naming new bases (or ships)? The generally abysmal lack of historic knowledge probably requires very specific locations for the names to be meaningful if we go with Revolutionary War figures — Fort Burgoyne in the Satatoga area, maybe rename a naval base with Arbuthnot. And of course we’d need a Fort Arnold. But why ignore the last 150 years? Have a Fort Wilhelm II. Fort Minh. Fort Sandino. Or combine base renaming with current-day diplomacy. I’m sure Kim Jong-un will be honored when we unveil Fort Kim Il-sung. It’s all part of our history, right?

On a tangentially related note … how many people have actually stopped to look at a statue? Read the name on the statue? Read the blurb about the person? Gone home and spent an hour researching the individual? Does the fact a statue exists at Gettysburg mean the general population remembers Francis Channing Barlow? Are we really in danger of forgetting who Robert E Lee was if statues aren’t standing in our parks?

The Dog Ate My Homework

 
‘The police department acknowledged errors in the report that it said was the result of the reporting program creating a paper file.
 
“Inaccuracies in the report are unacceptable to us, and we are taking immediate steps to correct the report and to ensure the accuracy of incident reports going forward,” the statement said.’
 
Seriously? “Software problem” has become the new ‘dog ate my homework’. Do they actually expect someone to believe the software somehow turned their verbose and well-documented description of what actually happened to “PIU investigation”?! Leaving that element aside …
 
I’ve done software development for some 25 years. From a technical standpoint, incorrect data mapping happens — worked on a bank project once where they had bought a smaller company and mis-mapped previous and current address fields (+ instituted an annual fee — notice of which was sent to your previous address. Along with the first bill on a card you hadn’t used in three years, the next month’s bill with late fee and interest, the next next month’s bill … you get the idea. It was an ugly cleanup process full of angry people who generally didn’t even realize they *had* that card anymore, never mind wanting to pay 30$ a year to have said card).
 
But here’s the thing — you don’t randomly map “forced intrusion == true” to an unchecked box or find a non-null list of injuries and write “none” as a one-off. If they had one data inconsistency and wanted to claim a software bug? Suspect but technically possible — some specific data condition caused a problem generating a paper report. But *this* many errors in the reporting program impact *just* this one report? In the credit card company case, the *only* people who had their current address listed as their mailing address had never moved. 100% of the people with a previous address had that address recorded as their current address. I’ve encountered companies that had problems in specific conditions — everyone in Alaska had a bad address because someone had mapped “AR” to “Alaska” on the input form drop-down.
 
If their software had data mapped wrong in the paper file generation process, it would be generating bad paper files rather regularly. And, honestly, if the department wants to stick with this story … they need to put major time into validating all of the *other* paper files that the software has generated.
 

Re-IP’ing Nightmare

We had a strange problem with our DSL modem a year or so ago — immediately after a firmware update got pushed to us. If something was plugged into a switch port, the whole thing became inaccessible. Only by unplugging all of the network cables and rebooting the thing would it stay online. Strange thing, though, is we were able to put it in bridge mode, plug something in, and have a network. Unfortunately, speed tests came back between 10 and 20 meg … it worked, we could still watch movies, VPN into work, listen to music … but something was clearly not right. In researching the issue, I’d come across a lot of other people who experienced dramatic reduction in speed when they switched their ISP’s device to bridge mode. Coupled with the fact our emergency spare access point, which got promoted to “access point for half of the house” was flaky and IPL’d every couple of days.

Since I’m able to download the DSL modem firmware from work, we’ve wanted to flash the DSL modem … well, basically ever since we came online after the problem occurred. Someone’s always doing something that precludes dropping the Internet for an hour … but, yesterday, it was time. Scott was working on the local network, Anya’s got plenty of books, and I had an hour to spare. Hard reset the DSL modem (you cannot access the admin page in transparent bridge mode), flashed it with the most recent firmware we’ve approved for use, and voila … it’s all working again. I even brought up ISC DHCPD on the internal server so we can add as many static addresses as we want without concern for nvram usage. Scott hard reset the other access point, updated its firmware, and returned it to its position on the other side of the house. Perfect! We’ve now got two access points that stay online. Except — the Actiontec T3200 has no way to define a static route!? I’m sure 99% of their customers don’t care, but when we bought our new server, I set the libvirt VMs up on their own network. Not for any good reason, that was just the configuration I found in all of the online documentation I reviewed.

While I could shell into the Asus and add a route (even include that command in the j-whatever script that executes on boot), that didn’t let traffic from the Internet in to our reverse proxy or mail server. I needed to move the VMs onto a bridge that used the routable internal subnet. And thus began my re-IP’ing nightmare.

Step #1 — Add a bridge network that exists on the internal subnet. Sounds straight-forward enough, but several iterations just tanked the server’s network. At one point, we could reboot the server and have connectivity, reboot again and get nowhere. I cleared out everything I had added, rebooted, and at least had the main server online. With the X display redirected to my laptop, I used nm-connection-editor to create a bridge and the slave device. Disabled stp manually (nmcli connection modify vmbridge bridge.stp no), but I used the GUI for everything else. I’m certain it’s possible to do this all through nmcli … but it was an exercise in frustration (and I’m a big fan of CLI stuff to start with). I used the magic-me-a-bridge wizard, clicked ‘add’ for its device, ran through the magic-me-a-slave-device wizard, added a new temporary IP address to the bridge, dropped the previously-used Ethernet (wired) interface, and brought the bridge online. Voila, network. I added the IP address from the Ethernet interface to the bridge. I’m certain this isn’t The Right Thing To Do(TM), and it’s quite possible that I could safely drop the temporary IP I’d put on the bridge to maintain access to the server. But after eleven hours of problems getting to this state, I’m loathe to rock this boat.

Step #2 — Add a bridge to the libvirt config. Create an XML file with the bridge definition

 2020-06-10 12:21:32 [user@host ~/]# cat bridge.xml
<network>
    <name>vm-bridge</name>
    <forward mode="bridge"/>
    <bridge name="vmbridge"/>
</network

Then use net-define to create a bridge based on your config (virsh net-define bridge.xml). Start your bridge (virsh net-start vm-bridge) and, assuming everything works well, set it to autostart (virsh net-autostart vm-bridge).

Step #3 — The next step *should* be to move your VMs to the new bridge — this involves updating the IP addresses … since I won’t be able to access the servers until that is done, I’ll need the GUI to connect into each server. Unfortunately, my next step actually was to get virt-manager working again when it freaks out. At some point, I had a virt-manager session shut down improperly or something. Attempts to launch virt-manager resulted in the error “Error starting Virtual Machine Manager: g-io-error-quark: Timeout was reached ” … which isn’t particularly helpful. Killing the virt-manager PIDs and restarting libvirtd (systemctl restart libvirtd) restored the management interface.

Step #4 — Move the VMs to your new bridge and change the IPs for the new subnet. I used virt-manager to switch the network interface to my new bridge, booted each server, and updated the IP in the OS. This is somewhere that statically assigning IP’s through DHCP would have made things a little simpler … but updating the IP on Fedora and Windows is straight-forward enough.

Step #5 — Getting Exchange back online. Most documentation tells you Exchange doesn’t care about its IP — which is not exactly true. I knew I would have to edit a few configurations to reflect the new subnet — my mailertable records for internal routing, bindings within Apache HTTPD config files, the Exchange send connector smarthost (set-sendconnector -identity “Connector Name” -SmartHosts “[w.x.y.z]”) since my sendmail server’s IP changed too

And update the binding for the Exchange receive connector. Wasn’t sure why I bound the receive connector to the specific IP interface, so I bound it to all interfaces on port 25. Now that everything’s set up and ports all show up as open … I’m ready to clear through the queued mail. A quick “sendmail -q -v” command and …. uhh, that’s no good. I’m getting “451 4.7.0 Temporary server error. Please try again later. PRX3”

I realized that my previous config had the receive connector bound to a specific IP address for a reason. While changing it to 0.0.0.0 saves a config step if I have to re-IP again, Exchange doesn’t work well when the SMTP server is bound to all interfaces. I had to bind it to the specific IP (set-receiveconnector -identity “Server\Connector Name” -Bindings “w.x.y.z:25″,”[::]:25”) … the IPv6 binding may need to be specific, too, if you actually use IPv6. I don’t … so it’s not.

One final thing to remember — Exchange likes to have a hosts entry for itself. No idea — some Linux-based apps have the same quirk, so I never bothered to investigate farther. Update the hosts file, flush the dns cache (ipconfig /flushdns), and finally I’ve got mail dropping into my mailbox.

I’ve finally returned to the state I was in yesterday afternoon. Well, I went from 10-20 meg speed tests to 50-80 meg speed tests. Upload went from 1-3 to 8-10, too. My Internet speed is very fast 🙂